Running R Analysis In Existing Projects
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only R project helper, but it can modify project files, rerun reports, and install R packages when the user asks.
This skill appears safe for its stated purpose, but it is meant to edit and run code in an existing R project. Before installing or invoking it, make sure your project is backed up or under version control, confirm package installations, and review changes before regenerating reports or overwriting outputs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may edit scripts, reports, and generated results in the current R project.
The skill is explicitly intended to read and modify existing project files and outputs. This is purpose-aligned, but it changes user work products.
Read current scripts and reports ... Add new models or statistical tests ... Overwrite or version new outputs in `results/`
Use version control or backups, ask the agent to show a plan and diff before applying changes, and confirm any overwrite requests.
Report regeneration may run R code and commands embedded in the user’s project files.
Rendering Quarto or R Markdown reports normally executes code chunks from the project. That is expected for this skill, but it can run local project code.
quarto render reports/analysis_report.qmd
# or
rmarkdown::render("report.Rmd")Only use this skill on projects you trust, and review report chunks or scripts before rendering if the project came from another source.
Installing packages can add third-party code and dependencies to the user’s R environment.
The workflow may install external R or Bioconductor packages. This is normal for R analysis, but the examples do not pin package versions or repositories.
install.packages("lme4") # For mixed models
# Or Bioconductor
BiocManager::install("DESeq2")Confirm package installations, prefer trusted repositories, and use renv or a lockfile when reproducibility matters.